Question 1. What should a company consider installing on the network perimeter to prevent direct connections between the internal network and the Internet to help protect its data warehouses and employee privacy?

• Router
• VPN server
• ICMP monitor
• Proxy server

Question 2. The Cisco PIX line of products is best described as which of the following?

• software firewall
• PC with firewall installed
• firewall appliance
• VPN gateway

Question 3. Which of the following is a typical drawback of a free firewall program?

• cannot monitor traffic in real time
• oversimplified configuration
• have centralized management
• more expensive than hardware firewalls

Question 4. Which of the following is an advantage of hardware firewalls?

• not scalable compared to software firewalls
• not dependent on a conventional OS
• less expensive than software firewalls
• easy to patch

Question 5. What are the two standard ports used by FTP along with their function?

• UDP 23 control, TCP 20 data
• UDP 20 data, TCP 21 control
• TCP 21 control, TCP 20 data
• TCP 23 data, TCP 21 control

Question 6. Which of the following is true about private IP addresses?

• they are assigned by the IANA
• they are not routable on the Internet
• they are targeted by attackers
• NAT was designed to conserve them

Question 7. Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

• caching firewall
• proxy server
• caching-only DNS server
• DMZ intermediary

Question 8. Which of the following is true about a dual-homed host?

• serves as a single point of entry to the network
• its main objective is to stop worms and viruses
• uses a single NIC to manage two network connections
• it is used as a remote access server in some configurations

Question 9. Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address?

• one-to-one NAT
• port address translation
• one-to-many NAT
• DMZ proxy translation

Question 10. Which of the following is a disadvantage of using a proxy server?

• shields internal host IP addresses
• slows Web page access
• may require client configuration
• can't filter based on packet content

Question 11. Which of the following is a type of VPN connection?

• site-to-server
• client-to-site
• server-to-client
• remote gateway

Question 12. Which of the following is NOT a factor a secure VPN design should address?

• Encryption
• Authentication
• Nonrepudiation
• performance

Question 13. Which IPsec component authenticates TCP/IP packets to ensure data integrity?

• AH
• ESP
• IKE
• ISAKMP

Question 14. Which of the following is NOT an essential element of a VPN?

• VPN server
• Tunnel
• VPN client
• authentication server

Question 15. Which of the following is NOT true about a hardware VPN?

• should be the first choice for fast-growing networks
• can handle more traffic than software VPNs
• have more security vulnerabilities than software VPNs
• create a gateway-to-gateway VPN

Question 16. Which of the following is true about the Internet?

• it is the same as the World Wide Web
• it was established in the mid-1960s
• it was developed by a network of banks and businesses
• it was originally built on an extended star topology

Question 17. Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?

• ISP
• POP
• NAP
• NSF

Question 18. What makes IP spoofing possible for computers on the Internet?

• network address translation
• the lack of authentication
• the 32-bit address space
• the DNS hierarchy

Question 19. What type of attack displays false information masquerading as legitimate data?

• Java applet
• Phishing
• Buffer overflow
• SQL injection

Question 20. Which of the following best describes ROI?

• the chance that a threat will result in lost money
• how long before an investment will pay for itself
• the cost of mitigating a threat
• the benefits of setting security priorities

Question 21. What is considered the first step in formulating a security policy?

• risk analysis
• elimination of threats
• risk reduction
• system monitoring

Question 22. Which of the following best describes a Monte Carlo simulation?

• a technique for simulating an attack on a system
• a formula that estimates the cost of countermeasures
• a procedural system that simulates a catastrophe
• an analytical method that simulates a real-life system for risk analysis

Question 23. Which of the following is a security-related reason for monitoring and evaluating network traffic?

• to determine if your IDPS signatures are working well
• to create substantial data to analyze
• to optimize your router and switch protocols
• to see how many files employees download form the Internet

Question 24. Which of the following is NOT typically an aspect of a security event management program?

• monitoring events
• managing IDPS firmware
• managing data from sensors
• managing change

Question 25. What should an outside auditing firm be asked to sign before conducting a security audit?

• subpoena
• nondisclosure agreement
• search and seizure contract
• social engineering covenant